-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauto-fill-post-password-from-url.php
75 lines (56 loc) · 2.46 KB
/
auto-fill-post-password-from-url.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<?php
/*
Plugin Name: Auto fill post password from url
Plugin URI: https://github.com/CrossMediaCloud/auto-fill-post-password-from-url
Description: Fills out the post password for the user if provided in the url
Version: 0.1
Author: Cross Media Cloud
Author URI: http://www.Cross-Media-Cloud.de
License: GPL2
*/
/*
* Redirect to login if password is required and provided in url
*/
add_action( 'template_redirect', 'cmc_afppwbu_redirect', 9 );
function cmc_afppwbu_redirect() {
// Check if the post needs a post password
if ( post_password_required() ) {
// Post is password protected
// if parameter was changed by filter
$cmc_password_url_parameter = sanitize_title( apply_filters( 'cmc_afppwbu_url_parameter', 'access_token' ) );
// Check if a access token was provided
if ( isset( $_GET[ $cmc_password_url_parameter ] ) ) {
// Make the token more safe
$cmc_access_token = preg_replace( '/[^-a-zA-Z0-9_]/', '', $_GET[ $cmc_password_url_parameter ] );
// Remove the old access token from the path
// This prevents infinity loops, if a wrong password was given by url
$cmc_ref = add_query_arg( array( $cmc_password_url_parameter => false ), $_SERVER['REQUEST_URI'] );
// Prepare the redirect target
$cmc_redirect_to_login_location_args_array = array(
'action' => 'postpass',
'access_token' => $cmc_access_token,
'ref' => $cmc_ref,
);
$cmc_redirect_to_login_location = add_query_arg( $cmc_redirect_to_login_location_args_array, '/wp-login.php' );
// Redirect to login to try to authorise the user by setting a cookie
wp_redirect( $cmc_redirect_to_login_location );
// Stop this script. Login script will continue.
exit;
}
}
}
/*
* Turn GET-vars into POST-vars before the login runs the postpass action to set cookie
*/
add_action( 'login_form_postpass', 'cmc_afppwbu_var_preparation' );
function cmc_afppwbu_var_preparation() {
// if parameter was changed by filter
$cmc_password_url_parameter = sanitize_title( apply_filters( 'cmc_afppwbu_url_parameter', 'access_token' ) );
// Set var if page load comes from the redirect
if ( isset( $_GET[ $cmc_password_url_parameter ] ) AND isset( $_GET['ref'] ) ) {
// Inject data into vars so core login can use it
$_POST['post_password'] = $_GET[ $cmc_password_url_parameter ];
// Inject data into vars so after login the redirect end up on the right post
$_REQUEST['_wp_http_referer'] = wp_sanitize_redirect( $_GET['ref'] );
}
}